Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.
Test: Modify the settings app to log the call attempt and follow the
steps below
In order to work around the limitations of N builds we needed to modify
the settings app to log the call attempt. This is described in detail at
b/
128599183#comment15
Bug:
128599183
Change-Id: Ie96c8e174983f61574f12d5d4b210d06377054e5
(cherry picked from commit
7b5a576965696747041c93306a41ed656404ed20)
@Override
public boolean isPackageDeviceAdminOnAnyUser(String packageName) {
+ final int callingUid = Binder.getCallingUid();
+ if (checkUidPermission(android.Manifest.permission.MANAGE_USERS, callingUid)
+ != PERMISSION_GRANTED) {
+ EventLog.writeEvent(0x534e4554, "128599183", -1, "");
+ throw new SecurityException(android.Manifest.permission.MANAGE_USERS
+ + " permission is required to call this API");
+ }
return isPackageDeviceAdmin(packageName, UserHandle.USER_ALL);
}